Is China at it again?
I’m seriously questioning if this latest security breach is an act of the Chinese Government. We all know about “Operation Aurora” that involved companies such as Google, Adobe, Juniper, Yahoo and Dow Chemical. Once you add The Iowa Racing and Gaming Commission to that list, that’s where things don’t seem to match up.
The Des Moines Register printed an article yesterday stating that the Iowa Racing and Gaming Commission had been breached and gave up personal information including names, social security numbers, addresses and dates of birth of about 80,000 people. The lead investigators in the case had the following to say:
“Iowa investigators suspect a serious breach of a state government computer database last week originated in China, which a congressional panel says has increased its use of cyber espionage tactics.”
Now call me crazy, but this just doesn’t sound like a potential target for the same people that just hacked Adobe, Google and Yahoo. If the Chinese Government was in fact behind Operation Aurora, The Iowa Racing and Gaming Commission doesn’t seem like it would be next on their list.
There seems to be some confusion regarding whether or not the firewall was properly patched or not. The Racing and Gaming Commission’s security is maintained by a company called Ambient Consulting of Minneapolis. Robert Keller, CTO of Ambient says that all patches were applied before the logs show the breach occuring. He also says:
“There is nothing to show that even if all the patches had been installed, they still wouldn’t have gotten in because they had already gotten through the state’s firewall.”
Seems pretty contradicting, huh? Maybe The CISO Group should contact The State of Iowa and see if they’re ready to switch their consulting company and use “CISO-on-Demand” 
…Josh
Josh, you probably didn't know this but the Iowa Gaming commission hosts the IOWA Hog Farmers World Series of Poker. I bet they Chinese were trying to get the inside scoop on some hog farmers to use in their plot to dominate the pork industry
LOL. I agree this just seems like your run of the mill cyber criminals who may happen to be Chinese!
You'd better watch the Iowa comments. A certain someone we know from South Dakota might take offense (South Dakota and Iowa are the same thing, right?
Josh thank you for defending my honor, but Iowa and South Dakota are really only similar to the untrained eye. Only SD can offer the Corn Palace, Mt Rushmore, Crazy Horse, Sturgis, Deadwood AND Wall Drug! Looks like we’ve found a destination for a little vacation! Great, I’ll book the tickets. Corn Palace here we come!!!
Alan, Let me know if I should book 3 tickets.
Nikole, as much as it has always been my dream to visit South Dakota, I am going to pass this one time. But thanks for the offer and please keep me in mind the next time you are visiting paradise
"I’m seriously questioning if this latest security breach is an act of the Chinese Government. "
You can ask the same about the previous incidents. Although there is no doubt that China is spying, the revelations seem to be timed from a political point of view, as the new offensive cybersecurity doctrine is implemented by the Pentagon (part of the Quadrennial Defense Review). Also it's odd to see how these incidents go all the way to the top of Nato and the United Nations.
Given these aspects, the incidents seem to be pretty much driven by politics. At the same time, no forensic evidence has proven beyond doubt that Chinese were responsible, or that Chinese authorities were involved. Command and control servers which were allegedly used in the attacks were hosted in Taiwan and in the United States.